SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution Vulnerability
(CVE-2023-35186)
Summary
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.
Affected Products
- SolarWinds ARM 2023.2.0.73 and prior versions
Fixed Software Release
Acknowledgments
- Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
Advisory Details
Severity
8.0 High
Advisory ID
First Published
10/18/2023
Last Updated
10/18/2023